Advertisements

 A new and working PayPal XSS

Written by DP

Saturday, 27 October 2007

A new critical PayPal XSS was submitted to our archive by Fugitif. It can be exploited by malicious people to conduct phishing attacks. This cross-site scripting issue might be leveraged by an attacker to steal cookie based authentication credentials.

It is still working as of today:

Link

Mirror:

http://www.xssed.com/mirror/24017/

PayPal was XSSed in the past:

XSS:
1st paypal.com XSS vulnerability notified by 142TeeTH
2nd paypal.com XSS vulnerability notified by 142TeeTH

NEWS:
PayPal XSS adventure has finally come to an end
PayPal is again vulnerable to XSS


PayPal is known to remediate security issues in a very short time. We hope that Fugitif has already contacted their staff about the issue.


        
Advertisements
Home | News | Articles | Advisories | Submit | Alerts | Links | What is XSS | About | Contact | Some Rights Reserved.